The present invention relates to secure computer network access. In particular, the present invention relates to methods and apparatus for issuing and using one-time passwords for secure computer networks.
Secure remote access to computer networks requires the end user to be authenticated before the end user is granted access to the network. In current secure remote access systems, the end user is authenticated using a variety of methods. In one method, when the end user accesses a remote server, the end user is prompted for a combination of user name or login name, password, personal identification number (“PIN”), and the like. Upon verification that the user login name and PIN are registered, the end-user is granted access to a computer network.
Drawbacks to this scheme include that once the user name and password is compromised or stolen, unauthorized access to the computer system can easily occur. Another drawback includes that simple password guessing strategies can be used to guess a password.
Another method for restricting user access to a computer system has been through the use of electronic “key cards” or “tokens.” In such solutions, users are typically issued a physical hardware device or software that allows users to enter data therein. In response to such user data, these devices output passwords, or the like that are subsequently used for a login attempt.
Drawbacks to such devices include that it is very easy to misplace or lose such hardware devices. Another drawback is that kids, pets, or the like may tamper with such “toys” to render them inoperative. Yet another drawback is that in such systems, system administrators need to manually pre-register the key cards, before the key cards will work. Still another drawback is that if the hardware device is stolen, or the like, the thief will then possess the requisite electronic identification to access the computer network.
Another drawback is that such systems rely on precise time synchronization between such “keycards” or “tokens” and the server machine. This is often difficult to perform and difficult to maintain because of clock drifts in the various devices.
Thus in light of the above, what is needed in the industry are improved methods and apparatus for issuing and using one-time passwords for computer networks, while reducing the drawbacks discussed above.